On Sun, 14 May 2006 14:30:28 +0200, Jim Ley <jim@jibbering.com> wrote:
> Sure, but if the groups aim is to work in public, then it needs to work
> in public, ie provide the motivations for the decisions, and not just
> the decisions, otherwise exactly what happens here happens and all we
> get is discussion on the public list that exactly reflects the existing
> discussions already had at a f2f or in a telcon etc. Which wastes
> everyones time. Just reporting decisions is unhelpful, especially when
> they reverse previous public decisions of the group.
I agree. I guess there's some delay at some point in the process.
>> What was raised against that is that it hurts adoption of new HTTP
>> methods. That's true for all other types of APIs as well though.
>> Internet Explorer 7 as opposed to Internet Explorer 6 uses a whitelist
>> and other browsers vendors are planning to do the same thing. The
>> whitelist would contain all "safe methods" currently spreaded over
>> various RFCs.
>
> I assume the whitelist is a SHOULD requirement - a MUST requirement
> would be absolutely wrong as it prevents user agents from denying them
> for security reasons.
That's something else we resolved. All security related "requirements" are
going to be SHOULDs so you can ignore them if you have good reasons.
Please let me know if you find a place in the specification where this is
not the case.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>